diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d7586f1759f775c232d1ddd6a6b03b8c66720e90..f07d8015c372a924727851fc5840cd9075c7e6e6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -85,6 +85,10 @@ def self.endpoint_id_for_action(action_name)
     render_403
   end
 
+  rescue_from Browser::Error do |e|
+    render plain: e.message, status: :forbidden
+  end
+
   rescue_from Gitlab::Auth::IpBlocked do |e|
     Gitlab::AuthLogger.error(
       message: 'Rack_Attack',
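Review bot: The new `rescue_from Browser::Error` block rejects the request without logging anything, while the `Gitlab::Auth::IpBlocked` handler directly below it records the event through `Gitlab::AuthLogger.error`. Without a log line, a burst of oversized or malformed headers leaves no trace to detect or triage, so I would add a structured entry (exception class, remote IP, header length rather than the header itself) before rendering. The handler also catches the gem's base error class and sends `e.message` back verbatim, so any other `Browser::Error` raised later would have its text echoed to the client; a fixed body such as `render plain: 'Invalid request headers', status: :forbidden` avoids that. A short comment like `# Browser raises when a parsed header exceeds its size limit; answer 403 instead of a 500` would explain why the rescue exists. The `IpBlocked` handler continues past the end of this hunk, so its full logging shape is not visible here.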
diff --git a/spec/requests/application_controller_spec.rb b/spec/requests/application_controller_spec.rb
index b5c70c83869aa70c0e921d5e30570f9c9f759342..2c151c425ee642bcaeb801f3823f043944137575 100644
--- a/spec/requests/application_controller_spec.rb
+++ b/spec/requests/application_controller_spec.rb
@@ -59,4 +59,30 @@
       expect(response.body.encoding.name).to eq('UTF-8')
     end
   end
+
+  describe 'User-Agent header' do
+    before do
+      sign_in(user)
+
+      get root_path, headers: { 'User-Agent': user_agent }
+    end
+
+    context 'when missing' do
+      let(:user_agent) { nil }
+
+      it { expect(response).to have_gitlab_http_status(:ok) }
+    end
+
+    context 'when correct' do
+      let(:user_agent) { 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)' }
+
+      it { expect(response).to have_gitlab_http_status(:ok) }
+    end
+
+    context 'when too long' do
+      let(:user_agent) { 'a' * 3000 }
+
+      it { expect(response).to have_gitlab_http_status(:forbidden) }
+    end
+  end
 end
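Review bot: The 'when too long' context hard-codes `'a' * 3000` and asserts only the status, so the spec is not tied to the limit that actually triggers `Browser::Error` and would pass for any unrelated 403. I would derive the length from the browser gem's configured User-Agent size limit (limit + 1, plus a case exactly at the limit expecting `:ok`) and also assert the response body, so a change to the rescue's output is caught. Since the controller rescues the base `Browser::Error`, it would be worth adding a context for any other header the gem length-checks (presumably Accept-Language, to be confirmed against the gem version in use). A one-line comment such as `# the browser gem raises once the header exceeds its size limit` above that context would explain the magic number.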